Implementing secure authentication without being a cryptography expert: Page 3 of 4

November 30, 2016 //By Christophe Tremlet
Today, digital security is one of the most hyped topics in electronic design. For many engineers, encryption is probably the first word that comes to mind when they think about security. Probably only a few think initially about authentication.

Why security ICs are beneficial for authentication

Challenge-response authentication always needs the object to be authenticated to hold a secret. In symmetric cryptography, this is the shared secret between the host and the device. For asymmetric cryptography, this is the private key. In any case, the security brought by challenge-response authentication breaks when the secret is revealed. Here’s where security ICs can help. One fundamental feature of security ICs is to provide strong protection of keys and secrets.

Maxim offers three families of solutions to support authentication:

  • Authentication ICs: These are configurable but fixed-function devices that provide the most affordable way to implement challenge-response authentication, along with a compact set of cryptographic operations
  • Secure microcontrollers: On top of supporting challenge-response authentication, these devices offer a full set of cryptographic functions, including encryption
  • Low-power microcontrollers: While these products do not exclusively target security, they have all of the building blocks required to enable strong authentication

Within authentication ICs, the SHA-256-based products support authentication based on shared secrets (Figure 3), while ECDSA-based ICs use a private/public key pair (Figure 4).

Fig. 3: SHA-256 secure authentication is based on shared secrets.

In addition to the cryptographic engines, these products feature on-board EEPROM memory. This memory is configurable and can be used to store authenticated user data such as calibration information for sensors.

Fig. 4: ECDSA-based authentication relies on a private/public key pair.

SHA-256-based products are the most affordable solutions. While they enable mutual authentication, the distribution of the shared secret requires some precautions so that the secret is not exposed during device manufacturing and set-up. The secret can be programmed in a Maxim factory to circumvent this drawback.
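The shared-secret flow described above can be modelled in a few lines. This is an added example, not code from the article or from Maxim: it uses standard HMAC-SHA-256 as a stand-in for the IC's own SHA-256 MAC computation, and the `Device` and `Host` classes, the `DEV-0001` identifier and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Device:
    """Stands in for the authentication IC: holds the secret, never exports it."""
    def __init__(self, rom_id: bytes, secret: bytes):
        self.rom_id = rom_id
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # MAC over the device ID and the host's challenge (assumed layout).
        return hmac.new(self._secret, self.rom_id + challenge, hashlib.sha256).digest()

class Host:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = {}  # rom_id -> outstanding challenge, usable once

    def new_challenge(self, rom_id: bytes) -> bytes:
        challenge = secrets.token_bytes(32)  # unpredictable, fixed length
        self._pending[rom_id] = challenge
        return challenge

    def verify(self, rom_id: bytes, response: bytes) -> bool:
        challenge = self._pending.pop(rom_id, None)  # consume the challenge
        if challenge is None:
            return False  # no challenge outstanding for this device
        expected = hmac.new(self._secret, rom_id + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed sample secret
    host = Host(secret)
    genuine = Device(b"DEV-0001", secret)
    # Same ID, but provisioned without the real secret.
    counterfeit = Device(b"DEV-0001", secrets.token_bytes(32))

    results = {}
    first_response = genuine.respond(host.new_challenge(genuine.rom_id))
    results["genuine"] = host.verify(genuine.rom_id, first_response)
    # A recorded response presented against a fresh challenge must fail.
    host.new_challenge(genuine.rom_id)
    results["replay"] = host.verify(genuine.rom_id, first_response)
    challenge = host.new_challenge(counterfeit.rom_id)
    results["counterfeit"] = host.verify(counterfeit.rom_id, counterfeit.respond(challenge))
    return results

if __name__ == "__main__":
    print(demo())
```

Everything the host checks depends on `secret` staying confidential on both sides, which is why the storage and provisioning of that value is the part delegated to the security IC.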
